Externally managed gateway as an Interoperable device?

Question asked by Vladimir Yakovlev Champion on Sep 27, 2018
As per documentation dating back forever, site-to-site VPNs between locally and externally managed Check Point gateways require us to define the remote unit as "Externally Managed Gateway".

This also entails defining the topology of the Externally Managed Gateway.

I've run into a situation where the peer is reluctant to provide their topology information and would like to know if:

1. Not specifying the topology will prevent this VPN from working

2. Could a remote unit be defined as the "Interoperable Device" to remove the need for topology definition?

3. If [2] is possible, what is the benefit of defining the peer as "Externally Managed Gateway" when PSK is used?


I suspect that in cases when certificates are used and the remote peer's topology is properly defined, the ISP redundancy at the remote site could be taken advantage of, but I am not sure of the particulars.